Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5943 1 Apple 1 Mac Os X 2015-10-26 4.3 MEDIUM N/A
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.
CVE-2015-5938 1 Apple 1 Mac Os X 2015-10-26 6.8 MEDIUM N/A
ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.
CVE-2015-5934 1 Apple 1 Mac Os X 2015-10-26 6.8 MEDIUM N/A
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.
CVE-2015-5933 1 Apple 1 Mac Os X 2015-10-26 6.8 MEDIUM N/A
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934.
CVE-2015-7016 1 Apple 1 Mac Os X 2015-10-26 7.6 HIGH N/A
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
CVE-2015-6984 1 Apple 1 Mac Os X 2015-10-26 8.8 HIGH N/A
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
CVE-2015-5932 1 Apple 1 Mac Os X 2015-10-26 7.2 HIGH N/A
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
CVE-2015-7019 1 Apple 1 Mac Os X 2015-10-26 5.6 MEDIUM N/A
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020.
CVE-2014-0529 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2015-10-23 10.0 HIGH N/A
Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-3344 5 Adobe, Apple, Google and 2 more 5 Flash Player, Mac Os X, Android and 2 more 2015-10-23 10.0 HIGH N/A
Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.
CVE-2014-1251 1 Apple 1 Quicktime 2015-10-21 9.3 HIGH N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.
CVE-2014-1244 1 Apple 1 Quicktime 2015-10-21 9.3 HIGH N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
CVE-2014-4498 1 Apple 1 Mac Os X 2015-10-09 4.7 MEDIUM N/A
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue.
CVE-2015-1084 1 Apple 2 Iphone Os, Safari 2015-09-30 5.0 MEDIUM N/A
The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.
CVE-2015-1129 1 Apple 2 Iphone Os, Safari 2015-09-29 4.3 MEDIUM N/A
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
CVE-2014-4671 4 Adobe, Apple, Linux and 1 more 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more 2015-09-22 4.3 MEDIUM N/A
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
CVE-2015-1148 1 Apple 1 Mac Os X 2015-09-17 5.0 MEDIUM N/A
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.
CVE-2015-1144 1 Apple 1 Mac Os X 2015-09-17 7.2 HIGH N/A
Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier.
CVE-2015-1141 1 Apple 1 Mac Os X 2015-09-17 4.9 MEDIUM N/A
The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors.
CVE-2015-1142 1 Apple 1 Mac Os X 2015-09-17 2.1 LOW N/A
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.